虽然,Android 4.2已经将蓝牙协议栈替换为Bluedroid,但从了解低层实现的角度BlueZ,仍是有个好的入口。因为bluedroid tools有限。
如果只是想查看源码,下面的链接会很方便:
https://android.googlesource.com/platform/external/bluetooth/bluez/+/android-4.1.2_r1
android / platform/external/bluetooth/bluez /
android-4.1.2_r1
- .gitignore
- .mailmap
- AUTHORS
- Android.mk
- COPYING
- COPYING.LIB
- ChangeLog
- CleanSpec.mk
- INSTALL
- MODULE_LICENSE_GPL
- Makefile.am
- Makefile.tools
- NEWS
- NOTICE
- README
- TODO
- ThirdPartyProject.prop
- acinclude.m4
- attrib/
- audio/
- bluez.pc.in
- bootstrap
- bootstrap-configure
- btio/
- common/
- compat/
- configure.ac
- cups/
- doc/
- gdbus/
- health/
- input/
- lib/
- network/
- plugins/
- sap/
- sbc/
- scripts/
- serial/
- src/
- test/
- tools/
- tracer/
-
[android-platform] BlueZ vs. Bluedroid stack on JB? - Grokbase
2012年10月8日 – Is it going to replace the BlueZ stack with the Bluedroid stack in ...Question
regarding qualification and tools for bluedroid · Support for non ... -
Blue Creation - Android 4.2 integrates Broadcom Bluedroid stack!
www.bluecreation.com/.../android-dumps-bluez-and-integrates-broadcom-...All we gathered until now is that Bluedroid was contributed by Broadcom and is .....regard to internet gain e-mails artful multinational
companies globe this tool, ...
下面的连接,供参考备忘:
蓝牙HCI 协议分析
之 数据包.txt - 记事本_百度文库
蓝牙 hci 命令
蓝牙测试经验 hcidump
hcidump抓取 log :
1 打开蓝牙
2 用adb shell 登陆android设备 并且用 "hcidump -w /sdcard/hcilog
3 开始测试
4 测试完成,停止stop the hcidump 然后分析 "hcilog" file.
C:\Users\kang-ibm>adb shell
$ hcidump -B -w /sdcard/hcilog
hcidump -B -w /sdcard/hcilog
hcidump: permission denied (权限不够,su)
http://fecbob.pixnet.net/blog/post/35756993
转自:http://ggyytony0921.blogspot.com/2011/09/bluetooth-3.html
BlueTooth要怎麼進測試模式要怎麼搞-3
- 6. FAE是這麼說滴
以下是FAE所提供的兩個HCI command
實際上操作的結果:
# hcitool cmd 0x03 0x1a 0x03
hcitool cmd 0x03 0x1a 0x03
< HCI Command: ogf 0x03, ocf 0x001a, plen 1
03
> HCI Event: 0x0e plen 4
01 1A 0C 00
# hcitool cmd 0x06 0x03
hcitool cmd 0x06 0x03
< HCI Command: ogf 0x06, ocf 0x0003, plen 0
> HCI Event: 0x0e plen 4
01 03 18 00
說明:
1.0
HCI OGF OCF para1
hcitool cmd 0x03 0x1a 0x03
引述FAE的描述
"進入測試模式前, 需要下 Page 694 的 7.3.18 Write Scan Enable Command (參數 0x03) 讓模組可以被測試機找到"
1.1
"hcitool cmd 0x03 0x1a 0x03"
OGF=0x03 OCF=0x1a > 這各是參考到 7.3.18 Write Scan Enable Command
"0x03" 參數"0x03"是指 Inquiry Scan enabled + Page Scan enabled.
1.2
"HCI Event: 0x0e plen 4"
"0x0e" 根據7.7.14 Command Complete Event, 是指host端的command已經完成了
"plen 4" 是HCI event的長度
"01 1A 0C 00" 根據7.7.14 Command Complete Event,
"01"表示HCI command的packet的數目(的確只有一個packet)
"1A 0C" 其實是由host HCI command的OGF(MSB-6bit)+OCF(LSB-10bit)組成的 000011 + 0000011010 = 0000 1100 0001 1010 = 0x0C1A
"0" 根據7.3.18 Write Scan Enable Command "0"表示 Write_Scan_Enable command succeeded.
2.0
HCI OGF OCF
hcitool cmd 0x06 0x03
引述FAE的描述
"Page 774 的 7.6.3 Enable Device Under Test Mode Command 則有進入 DUT 模式的 HCI command, 請參考."
2.1
"hcitool cmd 0x06 0x03"
OGF=0x06 OCF=0x3 > 這各是參考到 7.6.3 Enable Device Under Test Mode Command
2.2
"HCI Event: 0x0e plen 4"
"0x0e" 根據7.7.14 Command Complete Event, 是指host端的command已經完成了
"plen 4" 是HCI event的長度
"01 1A 0C 00" 根據7.7.14 Command Complete Event,
"01"表示HCI command的packet的數目(的確只有一個packet)
"03 18" 其實是由host HCI command的OGF(MSB-6bit)+OCF(LSB-10bit)組成的 000110 + 0000000011 = 0001 1000 0000 0011 = 0x1803
"0" 根據7.6.3 Enable Device Under Test Mode Command, "0"表示 Write_Scan_Enable command succeeded.
- 7.結論
1.
測試模式的進入似乎是由BT spec所規範了.
所以只要是用HCI command的話應該是一體適用的.
這意味著只要是通過BT spec 2.1的藍芽裝置通通可以使用這一個方法進入測試模式.
2.
整個測試的流程
待測物進入測試模式 -> BT測試治具規畫好測試項目(公司用的是安捷倫N4010A PC端程式remote control)
-> 測試治具會自動完成與待測物的溝通並且收集test plan的相關數據 -> 透過PC端的程式把治具上的數據log下來.
實際上前面1~5點都是BT學習過程的自high內容,真的solution是在第6點的時候才真的可以解決.
官方文档
http://linux.die.net/man/8/hcidump
hcidump(8) - Linux man page
Name
hcidump - Parse
HCI data
Synopsis
hcidump [-h]
hcidump [option [option...]] [filter]
Description
hcidump reads raw HCI data coming from and going to a Bluetooth device (which can be specified with the option -i,
default is the first available one) and prints to screen commands, events and data in a human-readable form. Optionally, the dump can be written to a file rather than parsed, and the dump file can be parsed in a subsequent moment.
Options
- -h
- Prints usage info and exits
- -i <hciX>
- Data is read from hciX, which must be the name of an installed Bluetooth device. If not specified, and if -r option is not set, data is read from the first available Bluetooth device.
- -l <len>, --snap-len=<len>
- Sets max length of processed packets to len.
- -p <psm>, --psm=<psm>
- Sets default Protocol Service Multiplexer to psm.
- -m <compid>, --manufacturer=<compid>
- Sets default company id for manufacturer to compid.
- -w <file>, --save-dump=<file>
- Parse output is not printed to screen, instead data read from device is saved in file file. The saved dump file can be subsequently parsed with option -r.
- -r <file>, --read-dump=<file>
- Data is not read from a Bluetooth device, but from file file. file is crated with option -w.
- -s <host>, --send-dump=<host>
- Parse output is not printed to screen, instead data read from device is send to host host.
- -n <host>, --recv-dump=<host>
- Data is not read from a Bluetooth device, but from host host.
- -t, --timestamp
- Prepend a time stamp to every packet.
- -a, --ascii
- For every packet, not only is the packet type displayed, but also all data in ASCII.
- -x, --hex
- For every packet, not only is the packet type displayed, but also all data in hex.
- -X, --ext
- For every packet, not only is the packet type displayed, but also all data in hex and ASCII.
- -R, --raw
- For every packet, only the raw data is displayed.
- -C, --cmtp=<psm>
- Sets the PSM value for the CAPI Message Transport Protocol.
- -H, --hcrp=<psm>
- Sets the PSM value for the Hardcopy Control Channel.
- -O, --obex=<channel>
- Sets the RFCOMM channel value for the Object Exchange Protocol.
- -P, --ppp=<channel>
- Sets the RFCOMM channel value for the Point-to-Point Protocol.
- -D, --pppdump=<file>
- Extract PPP traffic with pppdump format.
- -A, --audio=<file>
- Extract SCO audio data.
- -B, --btsnoop
- Use the BTSnoop file format.
- -V, --verbose
- Enables a more verbose decoding of every packet.
- -Y, --novendor
- Don't display any vendor commands or events and don't show any pin code or link key in plain text.
- -N, --noappend
- No appending to existing files. Always create new files.
Filters
filter is a space-separated list of packet categories: available categories are lmp, hci, sco, l2cap, rfcomm, sdp, bnep, cmtp, hidp, hcrp, avdtp, avctp,obex, capi and ppp.
If filters are used, only packets belonging to the specified categories are dumped. By default, all packets are dumped.
Authors
Written by Maxim Krasnyansky <maxk@qualcomm.com>
and Marcel Holtmann <marcel@holtmann.org>
man page by Fabrizio Gennari <fabrizio.gennari@philips.com>
Analysing Bluetooth Keyboard Traffic with hcidump
转自:http://www.cnblogs.com/wzh206/archive/2010/06/03/1750989.html
Use hcidump tool to analysis
BlueZ communication error
http://www.leilife.cn/?p=384
http://wenku.baidu.com/view/e1d89aed172ded630b1cb620.html
HCI Bluetooth adaptor with Linux and Bluez
http://firmware2android.wordpress.com/2013/01/07/hci-bluetooth-adaptor-with-linux-and-bluez/